11230 matches found

Amazon
added 2024/10/31 12:0 a.m. · 34 views

Important: httpd24

Issue Overview: Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE (CVE-2020-11984). Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to...

CVSS 9.8 · AI score 6.8 · EPSS 0.7629
Exploits: 4

CVE
added 2024/10/31 12:0 a.m. · 60 views

CVE-2024-42835

CVE-2024-42835 affects langflow v1.0.12 via the PythonCodeTool component, leading to remote code execution due to insufficient input validation/execution handling. Multiple connected sources (Red Hat, Veracode, OSV, GHSA, CVE listings, PT-Security) confirm an RCE risk through PythonCodeTool, with...

CVSS 9.8 · AI score 8.4 · EPSS 0.0911
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/10/31 12:0 a.m. · 17 views

CVE-2023-52044

Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension...

AI score 7.6 · EPSS 0.02551
Exploits: 1 · References: 1

Cvelist
added 2024/10/31 12:0 a.m. · 11 views

CVE-2024-42835

langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component...

EPSS 0.0911
Exploits: 1 · References: 1

NVD
added 2024/10/30 9:15 p.m. · 11 views

CVE-2024-51243

The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java...

CVSS 7.2 · EPSS 0.05091
Exploits: 1 · References: 1

Cvelist
added 2024/10/30 12:0 a.m. · 16 views

CVE-2024-51243

The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java...

EPSS 0.05091
Exploits: 1 · References: 1

CVE
added 2024/10/30 12:0 a.m. · 55 views

CVE-2024-51243

The vulnerability CVE-2024-51243 affects eladmin v2.7 and earlier. Concretely, an RCE exists that can allow an attacker to control all application deployment servers through DeployController.java. The Red Hat and other adapters corroborate the same root cause. No exploitation details or fix/versi...

CVSS 7.2 · AI score 7.9 · EPSS 0.05091
Exploits: 1 · References: 1 · Affected Software: 1

GithubExploit
added 2024/10/29 11:34 p.m. · 1026 views

Exploit for OS Command Injection in Cyberpanel

CyberPanel Command Injection Vulnerability - CVE-2024-51378...

CVSS 10 · AI score 10 · EPSS 0.93851
Exploits: 7

NVD
added 2024/10/29 10:15 p.m. · 8 views

CVE-2024-48138

A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template...

CVSS 9.8 · EPSS 0.02884
Exploits: 0 · References: 1

OSV
added 2024/10/29 9:15 p.m. · 4 views

PYSEC-2024-259

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

CVSS 9.8 · AI score 6.8 · EPSS 0.25104
Exploits: 1 · References: 4

OSV
added 2024/10/29 9:15 p.m. · 15 views

CVE-2024-48063

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

CVSS 9.8 · AI score 9.1
Exploits: 0 · References: 4

NVD
added 2024/10/29 9:15 p.m. · 18 views

CVE-2024-48063

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

CVSS 9.8 · EPSS 0.25104
Exploits: 1 · References: 4

Veracode
added 2024/10/29 3:39 p.m. · 9 views

Path Traversal

org.openrefine.dependencies Butterfly is vulnerable to path traversal. The vulnerability is due to improper handling of file:/ URLs, which are accepted in place of relative paths. It allows unauthorized access to local and remote files and enables multiple attacks, including path traversal, SSRF,...

CVSS 9.1 · AI score 6.6 · EPSS 0.03032
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2024/10/29 1:15 p.m. · 13 views

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 9.8 · EPSS 0.00486
Exploits: 1 · References: 2

CVE
added 2024/10/29 12:46 p.m. · 50 views

CVE-2024-6868

CVE-2024-6868 affects mudler/LocalAI (version 2.17.1). The issue is improper handling of automatic archive extraction when model configurations specify archives (for example, .tar), causing archives to be extracted after download and enabling a potentially destructive “tarslip” that can write fil...

CVSS 9.8 · AI score 8.5 · EPSS 0.00486
Exploits: 1 · References: 2 · Affected Software: 1

GithubExploit
added 2024/10/29 12:46 a.m. · 335 views

Exploit for CVE-2024-27954

⚠️ CVE-2024-27954 💀 Automatic Remote code Execution Exploit...

CVSS 9.3 · AI score 9.7 · EPSS 0.93313
Exploits: 2

Cvelist
added 2024/10/29 12:0 a.m. · 15 views

CVE-2024-48063

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

EPSS 0.25104
Exploits: 1 · References: 4

Positive Technologies
added 2024/10/29 12:0 a.m. · 4 views

PT-2024-32976 · Facebook +1 · Pytorch +1

Name of the Vulnerable Software and Affected Versions: PyTorch versions prior to 2.4.1 Description: The issue concerns the RemoteModule in PyTorch, which is reported to have Deserialization RCE. However, it is noted that this behavior is intended in PyTorch distributed computing and is disputed b...

CVSS 9.8 · AI score 8.9 · EPSS 0.25104
Exploits: 1 · References: 17

Vulnrichment
added 2024/10/29 12:0 a.m. · 22 views

CVE-2024-48063

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

AI score 9.6 · EPSS 0.25104
Exploits: 1 · References: 4

Vulnrichment
added 2024/10/29 12:0 a.m. · 17 views

CVE-2024-51568

CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters...

CVSS 10 · AI score 8.4 · EPSS 0.93044
Exploits: 4 · References: 4